Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-19 CVE-2020-3154 SQL Injection vulnerability in Cisco Cloud web Security 5.2(0)
A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries.
network
low complexity
cisco CWE-89
4.9
4.9
2020-02-19 CVE-2020-3153 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client 4.8.00175/4.8.01090
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges.
local
low complexity
cisco CWE-427
6.5
6.5
2020-02-19 CVE-2020-3138 Improper Verification of Cryptographic Signature vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure
A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading.
local
low complexity
cisco CWE-347
6.7
6.7
2020-02-19 CVE-2020-3132 Resource Exhaustion vulnerability in Cisco Cloud Email Security and Email Security Appliance
A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device.
network
high complexity
cisco CWE-400
5.9
5.9
2020-02-19 CVE-2020-3113 Cross-site Scripting vulnerability in Cisco Data Center Network Manager
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.
network
low complexity
cisco CWE-79
5.4
5.4
2020-02-19 CVE-2015-0749 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software.
network
low complexity
cisco CWE-79
6.1
6.1
2020-02-06 CVE-2013-2684 Cross-site Scripting vulnerability in Cisco Linksys E4200 Firmware 1.0.05
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
cisco CWE-79
6.1
6.1
2020-02-06 CVE-2013-2683 Information Exposure vulnerability in Cisco Linksys E4200 Firmware 1.0.05
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.
network
low complexity
cisco CWE-200
5.3
5.3
2020-02-05 CVE-2013-2682 Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Linksys E4200 Firmware 1.0.05
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.
network
low complexity
cisco CWE-1021
4.3
4.3
2020-02-05 CVE-2020-3149 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device.
network
low complexity
cisco CWE-79
4.8
4.8